Several Failings of Regulated Firms Identified
The Auditing Practices Board (APB) of the FRC has published Bulletin 2011/2 “Providing assurance on Client Assets to the Financial Services Authority”.
Arising from the financial crisis, the FSA identified a number of failings of regulated firms that held client assets and also raised questions about the quality of Client Asset reports submitted to them by auditors.
This led to the FSA increasing its resource devoted to the area by creating a specialist unit focused on firms’ compliance with the FSA’s CASS Rules. Those rules require regulated firms to hold client money and custody assets separately from their own in order to minimise the risk of loss to clients in the event of the firm’s insolvency.
The FSA also revised its SUP Rules which set out the duties of auditors to report to the FSA with respect to regulated firms’ compliance with the CASS Rules.
The Bulletin issued today provides guidance on the responsibilities of auditors under these revised Rules, which are required to be followed for periods ending 30 September 2011 onwards.
An auditor is required to provide a report to the FSA (known as a ‘Client Assets Report’) on whether the regulated firm has maintained systems adequate to comply with the FSA’s client money and custody rules; and has, as a matter of fact, complied with those rules.
The Bulletin emphasises that the determination of whether assets are properly to be treated as client assets is a complex issue requiring a thorough understanding of a regulated firm’s business model and its internal processes and controls.
In addition, auditors are required to approach the evaluation of the regulated firm’s compliance with the FSA rules from the perspective of the position if the regulated firm becomes insolvent.
Auditors are further required to focus on whether controls are designed and operated to ensure compliance with the CASS Rules, rather than focusing on whether controls will subsequently detect any non-compliance; and the CASS auditor’s report to the FSA must report any and all breaches (irrespective of materiality) of the rules that the auditor becomes aware of. This contributes to the FSA’s risk assessment of the regulated firm.
These considerations result in a quite different approach to that usually applied in the course of a financial statement audit.
Fiona King, the FSA’s Technical Head of Department, Client Assets and Wholesale Conduct commented: “Arising from experience gained in the financial crisis, important improvements to the FSA’s CASS Regime have recently come into effect.
“The FSA welcomes the publication of this Bulletin by the APB, which we expect CASS auditors to have regard to in discharging their responsibilities, with respect to client assets, to the FSA.
“We would, however, remind auditors, as is noted in the Bulletin, that their engagement teams must have a thorough grasp of relevant FSA Rules in order to undertake client asset engagements. CASS audits should be seen as a distinct specialism and audit firms should resist any temptation to regard the CASS audit as an adjunct to a financial statement audit that can be undertaken by inexperienced staff”.
Richard Fleck the Chairman of APB further added: “Difficulties exposed by the financial crisis emphasise the need for CASS auditors to have a thorough understanding of their clients’ legal structures and their business rationale.
“To achieve such an understanding staff undertaking CASS audits should be adequately trained in the CASS Rules, in understanding firm’s business models, and in the evaluation of the design and operating effectiveness of internal controls over client assets”.